Perl Locale::Maketext Module Two Code Injection

by Carol~ Moderator - 12/7/12 6:22 AM

In Reply to: VULNERABILITIES / FIXES - December 07, 2012 by Carol~ Moderator

Perl Locale::Maketext Module Two Code Injection Vulnerabilities

Release Date: 2012-12-07

Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround

Software: Locale::Maketext 1.x (module for Perl)

Two vulnerabilities have been reported in the Locale::Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module.

The vulnerabilities are caused due to the "_compile()" function not properly sanitising input, which can be exploited to inject and execute arbitrary Perl code.

The vulnerabilities are reported in version 1.23. Prior versions may also be affected.

Fixed in the GIT repository:

Provided and/or discovered by:
Brian Carlson of cPanel

Original Advisory: